Hola!
During these weeks, during Computer Security Training Cycle Intermediate SMR, we are studying techniques and countermeasures to hacker attacks.
We have seen how to perform a penetration test using Metasploit Express tool, a graphical application framework Metasploit. Its operation is simple, the interface is very friendly and documentation is quite detailed. The only drawback is that you need to use an email account that is not free (hotmail, gmail ...).
I leave it catches on you can see the process followed to obtain access to a computer network, specifically to this machine with Windows XP in which the user is browsing the Internet safely:
After creating a project, the first thing to do is scan the network to discover machines, open ports, operating systems, versions of the service ...
then we must seek the right to exploit vulnerable services found, but the whole process is automated:
If we were lucky, there will be open metasploit a session on the target computer and can interact with it:
can, for example, to obtain sensitive data on the target machine, such as screenshots, passwords and system information:
can upload a file to the target machine. The example file shows how to climb the Trojan , keeping it in the C: drive with the name index.php :
Or we can launch a shell and execute commands directly. As you can see it has listed the contents of the directory and displays the routing table:
The truth is that it's easy and fun :-) In the project's own website can download machine Ubuntu virtual ready software and services with vulnerabilities to play with her.
Greetings!
0 comments:
Post a Comment